From: Dan Sledz Date: Tue, 10 Feb 2009 19:06:44 +0000 (-0800) Subject: s3: Implement wbcGetpwsid X-Git-Url: http://git.samba.org/samba.git/?p=tprouty%2Fsamba.git;a=commitdiff_plain;h=aed8e9aa0a887e31562ac9da38ee4a878a4dd4ba s3: Implement wbcGetpwsid * Adds the plumbing required to lookup users by sid into winbind, wbinfo and smbd helper lib (winbind_util.c). * Removes some double declarations of winbind_util.c functions. * Bumps the winbind protocol version to 21 and the minor version of wbclient to 3. --- diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c index cd945996c8..dacd9499dd 100644 --- a/nsswitch/libwbclient/wbc_pwd.c +++ b/nsswitch/libwbclient/wbc_pwd.c @@ -190,6 +190,45 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) return wbc_status; } +/* Fill in a struct passwd* for a domain user based on sid */ +wbcErr wbcGetpwsid(struct wbcDomainSid *sid, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + char * sid_string = NULL; + + if (!pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.sid, sid_string, sizeof(request.data.sid)); + + wbc_status = wbcRequestResponse(WINBINDD_GETPWSID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + if (sid_string) { + wbcFreeMemory(sid_string); + } + + return wbc_status; +} + /* Fill in a struct passwd* for a domain user based on username */ wbcErr wbcGetgrnam(const char *name, struct group **grp) { diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 990cc52df7..4663624f91 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -60,9 +60,10 @@ const char *wbcErrorString(wbcErr error); * 0.1: Initial version * 0.2: Added wbcRemoveUidMapping() * Added wbcRemoveGidMapping() + * 0.3: Added wbcGetpwsid() **/ #define WBCLIENT_MAJOR_VERSION 0 -#define WBCLIENT_MINOR_VERSION 2 +#define WBCLIENT_MINOR_VERSION 3 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" struct wbcLibraryDetails { uint16_t major_version; @@ -836,6 +837,17 @@ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd); **/ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); +/** + * @brief Fill in a struct passwd* for a domain user based + * on sid + * + * @param sid Sid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd); + /** * @brief Fill in a struct passwd* for a domain user based * on username diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index ce53cadc58..372896ce71 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -202,6 +202,31 @@ static bool wbinfo_get_uidinfo(int uid) return true; } +static bool wbinfo_get_user_sidinfo(const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct passwd *pwd = NULL; + struct wbcDomainSid sid; + + wbc_status = wbcStringToSid(sid_str, &sid); + wbc_status = wbcGetpwsid(&sid, &pwd); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + d_printf("%s:%s:%d:%d:%s:%s:%s\n", + pwd->pw_name, + pwd->pw_passwd, + pwd->pw_uid, + pwd->pw_gid, + pwd->pw_gecos, + pwd->pw_dir, + pwd->pw_shell); + + return true; +} + + /* pull grent for a given group */ static bool wbinfo_get_groupinfo(const char *group) { @@ -1564,6 +1589,7 @@ enum { OPT_LIST_ALL_DOMAINS, OPT_LIST_OWN_DOMAIN, OPT_UID_INFO, + OPT_USER_SIDINFO, OPT_GROUP_INFO, OPT_GID_INFO, OPT_VERBOSE, @@ -1622,6 +1648,7 @@ int main(int argc, char **argv, char **envp) { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" }, { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" }, { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" }, + { "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" }, { "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" }, { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" }, { "user-domgroups", 0, POPT_ARG_STRING, &string_arg, @@ -1860,6 +1887,13 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_USER_SIDINFO: + if ( !wbinfo_get_user_sidinfo(string_arg)) { + d_fprintf(stderr, "Could not get info for user sid %s\n", + string_arg); + goto done; + } + break; case OPT_UID_INFO: if ( !wbinfo_get_uidinfo(int_arg)) { d_fprintf(stderr, "Could not get info for uid " diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index 0b3e74492c..26e45f3c7f 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -39,9 +39,11 @@ #define WINBINDD_DONT_ENV "_NO_WINBINDD" #define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS" -/* Update this when you change the interface. */ - -#define WINBIND_INTERFACE_VERSION 20 +/* Update this when you change the interface. + * 21: added WINBINDD_GETPWSID + * added WINBINDD_GETSIDALIASES + */ +#define WINBIND_INTERFACE_VERSION 21 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment. On a 64bit Linux box, we have to support a constant structure size @@ -60,6 +62,7 @@ enum winbindd_cmd { WINBINDD_GETPWNAM, WINBINDD_GETPWUID, + WINBINDD_GETPWSID, WINBINDD_GETGRNAM, WINBINDD_GETGRGID, WINBINDD_GETGROUPS, diff --git a/source3/include/proto.h b/source3/include/proto.h index 8f05c9473d..6ba1fa6360 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1660,6 +1660,8 @@ bool winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid); bool winbind_uid_to_sid(DOM_SID *sid, uid_t uid); bool winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid); bool winbind_gid_to_sid(DOM_SID *sid, gid_t gid); +struct passwd * winbind_getpwnam(const char * sname); +struct passwd * winbind_getpwsid(const DOM_SID *sid); wbcErr wb_is_trusted_domain(const char *domain); bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, @@ -1668,22 +1670,6 @@ bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, const char ***names, enum lsa_SidType **types); bool winbind_allocate_uid(uid_t *uid); bool winbind_allocate_gid(gid_t *gid); -bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, - enum lsa_SidType *name_type); -bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid, - const char **domain, const char **name, - enum lsa_SidType *name_type); -bool winbind_ping(void); -bool winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid); -bool winbind_uid_to_sid(DOM_SID *sid, uid_t uid); -bool winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid); -bool winbind_gid_to_sid(DOM_SID *sid, gid_t gid); -wbcErr wb_is_trusted_domain(const char *domain); -bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, - const DOM_SID *domain_sid, - int num_rids, uint32 *rids, - const char **domain_name, - const char ***names, enum lsa_SidType **types); /* The following definitions come from lib/wins_srv.c */ diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index 14356b09cf..686e70f4ad 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -24,6 +24,43 @@ #include "nsswitch/libwbclient/wbclient.h" +struct passwd * winbind_getpwnam(const char * name) +{ + wbcErr result; + struct passwd * tmp_pwd = NULL; + struct passwd * pwd = NULL; + + result = wbcGetpwnam(name, &tmp_pwd); + if (result != WBC_ERR_SUCCESS) + return pwd; + + pwd = tcopy_passwd(talloc_tos(), tmp_pwd); + + wbcFreeMemory(tmp_pwd); + + return pwd; +} + +struct passwd * winbind_getpwsid(const DOM_SID *sid) +{ + wbcErr result; + struct passwd * tmp_pwd = NULL; + struct passwd * pwd = NULL; + struct wbcDomainSid dom_sid; + + memcpy(&dom_sid, sid, sizeof(dom_sid)); + + result = wbcGetpwsid(&dom_sid, &tmp_pwd); + if (result != WBC_ERR_SUCCESS) + return pwd; + + pwd = tcopy_passwd(talloc_tos(), tmp_pwd); + + wbcFreeMemory(tmp_pwd); + + return pwd; +} + /* Call winbindd to convert a name to a sid */ bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, @@ -236,6 +273,16 @@ bool winbind_allocate_gid(gid_t *gid) #else /* WITH_WINBIND */ +struct passwd * winbind_getpwnam(const char * name) +{ + return NULL; +} + +struct passwd * winbind_getpwsid(const DOM_SID *sid) +{ + return NULL; +} + bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, enum lsa_SidType *name_type) { diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 5720bfc517..218076c726 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -420,6 +420,7 @@ static struct winbindd_dispatch_table { { WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" }, { WINBINDD_GETPWUID, winbindd_getpwuid, "GETPWUID" }, + { WINBINDD_GETPWSID, winbindd_getpwsid, "GETPWSID" }, { WINBINDD_SETPWENT, winbindd_setpwent, "SETPWENT" }, { WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" }, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index c302dd1d62..58df8d875f 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -495,6 +495,7 @@ enum winbindd_result winbindd_dual_userinfo(struct winbindd_domain *domain, struct winbindd_cli_state *state); void winbindd_getpwnam(struct winbindd_cli_state *state); void winbindd_getpwuid(struct winbindd_cli_state *state); +void winbindd_getpwsid(struct winbindd_cli_state *state); void winbindd_setpwent(struct winbindd_cli_state *state); void winbindd_endpwent(struct winbindd_cli_state *state); void winbindd_getpwent(struct winbindd_cli_state *state); diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index a6740b1fb8..50aea4e0cb 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -217,8 +217,8 @@ static void getpwsid_queryuser_recv(void *private_data, bool success, static void getpwsid_sid2uid_recv(void *private_data, bool success, uid_t uid); static void getpwsid_sid2gid_recv(void *private_data, bool success, gid_t gid); -static void winbindd_getpwsid(struct winbindd_cli_state *state, - const DOM_SID *sid) +static void getpwsid_queryuser(struct winbindd_cli_state *state, + const DOM_SID *sid) { struct getpwsid_state *s; @@ -509,7 +509,7 @@ static void getpwnam_name2sid_recv(void *private_data, bool success, check_domain_trusted(domname, sid); } - winbindd_getpwsid(state, sid); + getpwsid_queryuser(state, sid); } static void getpwuid_recv(void *private_data, bool success, const char *sid) @@ -535,7 +535,7 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid) return; } - winbindd_getpwsid(state, &user_sid); + getpwsid_queryuser(state, &user_sid); } /* Return a password structure given a uid number */ @@ -553,6 +553,26 @@ void winbindd_getpwuid(struct winbindd_cli_state *state) winbindd_uid2sid_async(state->mem_ctx, uid, getpwuid_recv, state); } +/* Return a password structure given a sid */ +void winbindd_getpwsid(struct winbindd_cli_state *state) +{ + DOM_SID sid; + + /* Ensure null termination */ + state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; + + DEBUG(3, ("[%5lu]: getpwsid %s\n", (unsigned long)state->pid, + state->request.data.sid)); + + if (!string_to_sid(&sid, state->request.data.sid)) { + DEBUG(5, ("%s not a SID\n", state->request.data.sid)); + request_error(state); + return; + } + + getpwsid_queryuser(state, &sid); +} + /* * set/get/endpwent functions */